
At Schellman, we are watching for the outcome of the first significant enforcement action by the NYDFS under 23 NYCRR Part 500. In this case, the DFS' position is that each instance of non-public information being disclosed constitutes a separate violation, resulting in a fine of up to $1,000 per violation. If the court upholds this interpretation, the NYDFS Cybersecurity Regulation will suddenly have teeth: specifically in this case, where there are millions of alleged violations, and more broadly as companies consider their regulatory compliance strategies.
About the Author
Schellman is a leading global provider of attestation, compliance, and certification services. Operating as an alternative practice structure as Schellman & Company, LLC, a top 100 CPA firm, and Schellman Compliance, LLC, a globally accredited compliance assessment firm, we are able to offer clients services as a CPA firm, an ISO Certification Body, a PCI Qualified Security Assessor Company, a HITRUST assessor, a FedRAMP 3PAO, and as one of the first CMMC Authorized C3PAOs. Renowned for expertise tempered by practical experience, Schellman's professionals provide superior client service balanced by steadfast independence. Schellman's approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives using a single third-party assessor. For more information, please visit schellman.com.